With the proliferation of computer networks, and with the increase in the number and types of devices that are linked to them, network security has become increasingly important. To enforce security policies, all nodes in the network may have a role to play. For example, even though a network may have a single gateway that regulates data traffic entering and leaving the network, each router or switch in the network can augment the security functions of the gateway by enforcing rules regarding the passage of traffic through that router or switch. Thus, the overall security policy of the network is the result of both the security rules enforced by the gateway and the security rules enforced by the routers and the switches.
With multiple devices on a network taking part in security, the task of setting or changing the overall security policy of the network becomes complicated. This is especially true when each of the devices is configured independently from the others. In fact, one of the biggest challenges in establishing new security policies on a network is determining what the existing security policy of the network is. This is because each device that is involved in network security has its own settings, and each device's settings may need to be taken into account. Another challenge in setting or changing the security policy of a network is representing the network's existing security policy in a way that is meaningful to a user.